15 Vulnerabilities In 11 Elementor Addons Hit +3M WordPress Sites

Researchers have issued advisories for eleven separate Elementor add-on plugins with 15 vulnerabilities that may make it potential for hackers to add malicious information. One among them is rated as a excessive risk vulnerability as a result of it will possibly permit hackers to bypass entry controls, execute scripts and acquire delicate information.

Two Totally different Sorts Of Vulnerabilities

The vast majority of the vulnerabilities are Saved Cross Web site Scripting (XSS). Three of them are Native File Inclusion.

XSS vulnerabilities are among the many commonest type of vulnerability present in WordPress plugins and themes. They often come up from flaws in how enter information is secured (enter sanitization) and in addition how output information is locked down (output escaping).

A Native File Inclusion vulnerability is one which exploits an unsecured person enter space that enables an attacker to “embody” a file into the enter. Embrace is a coding time period. In plain English a file inclusion is a scripting factor (a press release) that tells the web site so as to add a selected code from file, like a PHP file. I’ve used consists of in PHP to herald information from one file (just like the title of a webpage) and stick it into the meta description, that’s an instance of an embody.

This sort of vulnerability generally is a severe risk as a result of it permits an attacker to “embody” a variety of code which in flip can result in the power to bypass any restrictions on actions that may be carried out on the web site and/or permit entry to delicate information that’s usually restricted.

The Open Net Software Safety Challenge (OWASP) defines a Native File Inclusion vulnerability:

“The File Inclusion vulnerability permits an attacker to incorporate a file, often exploiting a “dynamic file inclusion” mechanisms carried out within the goal utility. The vulnerability happens on account of the usage of user-supplied enter with out correct validation.

This will result in one thing as outputting the contents of the file, however relying on the severity, it will possibly additionally result in:

Code execution on the internet server

Code execution on the client-side equivalent to JavaScript which might result in different assaults equivalent to cross web site scripting (XSS)

Denial of Service (DoS)

Delicate Info Disclosure”

Checklist Of Susceptible Elementor Add-On Plugins

There are eleven complete Elementor add-on plugins which have vulnerability advisories, two of which had been issued at this time (March twenty ninth), two of which had been issued on March twenty eighth. The remaining seven had been issued inside the previous few days.

A number of the plugins have a couple of vulnerability in order that there are a complete of 15 vulnerabilities in eleven of the plugins.

Out of the eleven plugins one is rated as a Excessive Severity vulnerability and the remainder are Medium Severity.

Right here is the checklist of plugins listed in descending order of the latest to the earliest. The numbers subsequent to the vulnerabilities denote if they’ve a couple of vulnerability.

Checklist of Susceptible Elementor Add-Ons

ElementsKit Elementor addons (x2)
Limitless Components For Elementor
140+ Widgets | Greatest Addons For Elementor
Higher Elementor Addons
Elementor Addon Components (x2)
Grasp Addons for Elementor
The Plus Addons for Elementor (x2)
Important Addons for Elementor (x2)
Component Pack Elementor Addons
Prime Slider – Addons For Elementor
Transfer Addons for Elementor

Excessive Severity Vulnerability

The Excessive Severity vulnerability is discovered within the ElementsKit Elementor Addons plugin for WordPress is very regarding as a result of it will possibly put over one million web sites at risk. This vulnerability is rated 8.8 on a scale of 1- 10.

What accounts for its reputation is the all-in-one nature of the plugin that enables customers to simply modify just about any on-page design function within the headers, footers, and menus. It additionally features a huge template library and 85 widgets that add further performance to webpages created with the Elementor web site constructing platform.

The Wordfence safety researchers described the vulnerability risk:

“The ElementsKit Elementor addons plugin for WordPress is susceptible to Native File Inclusion in all variations as much as, and together with, 3.0.6 through the render_raw perform. This makes it potential for authenticated attackers, with contributor-level entry and above, to incorporate and execute arbitrary information on the server, permitting the execution of any PHP code in these information. This can be utilized to bypass entry controls, acquire delicate information, or obtain code execution in circumstances the place photos and different “protected” file sorts will be uploaded and included.”

Hundreds of thousands of WordPress Websites Affected

The vulnerabilities might have an effect on over 3 million web sites. Simply two of the plugins have a complete of three million energetic installations. Web sites have a tendency to make use of simply considered one of these plugins as a result of there’s a certain quantity of overlap between the options. The all-in-one nature of a few of these plugins implies that just one plugin is required so as to entry vital widgets for including sliders, menus and different on-page parts.

Checklist of Susceptible Plugins By Quantity Of Installations

Important Addons for Elementor – 2 Million
ElementsKit Elementor addons – 1 Million
Limitless Components For Elementor – 200k
Elementor Addon Components – 100k
The Plus Addons for Elementor – 100k
Component Pack Elementor Addons – 100k
Prime Slider – Addons For Elementor – 100k
Grasp Addons for Elementor – 40k
140+ Widgets | Greatest Addons For Elementor – 10k
Transfer Addons for Elementor – 3k
Higher Elementor Addons – Unknown – Closed By WordPress

Advisable Motion

Though most of the medium stage severity vulnerabilities require hackers to acquire contributor stage authentication so as to launch an assault, it’s finest to not underestimate the chance posed by different plugins or put in themes that may grant the attacker the power to launch these particular assaults.

It’s usually prudent to check up to date themes earlier than pushing updates to a dwell web site.

Learn the official Wordfence advisories (with CVE numbers):

A. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-1238

B. 03/29 ElementsKit Elementor addons <= 3.0.6 – Authenticated (Contributor+) Local File Inclusion in render_raw CVE-2024-2047 8.8 HIGH THREAT

03/29 Unlimited Elements For Elementor <= 1.5.96 – Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Link CVE-2024-0367

3/28 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.2 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2250

3/28 Better Elementor Addons <= 1.4.1 – Authenticated(Contributor+) Stored Cross-Site Scripting via widget links CVE-2024-2280

A. Elementor Addon Elements <= 1.13.1 – Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-2091

B. Elementor Addon Elements <= 1.13.2 – Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via ‘Text Separator’ and ‘Image Compare’ Widget CVE-2024-2792

Master Addons for Elementor <= 2.0.5.6 – Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget CVE-2024-2139

A. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Team Member Listing CVE-2024-2210

B. The Plus Addons for Elementor <= 5.4.1 – Authenticated (Contributor+) Local File Inclusion via Clients Widget CVE-2024-2203